General

  • Target

    40537aa62a4949ad137a04bcfaaf15e94634aeffb7c84ea34dc403f8f99c7579_Sigmanly

  • Size

    4.3MB

  • Sample

    241224-mhbjjavpbq

  • MD5

    4b7a502ea349a1138dabc95986ae5f01

  • SHA1

    2fc5f42c5bb44566198a2069eb11327043216689

  • SHA256

    40537aa62a4949ad137a04bcfaaf15e94634aeffb7c84ea34dc403f8f99c7579

  • SHA512

    1238161d24634561b0de608d2857d82f99582c0b216c1d5cac02e5ec2039cc73b4b8211d48c58d8fe38c7599a284096d087659749dc037b3dacb6b9d1e891186

  • SSDEEP

    98304:VsA3f3OQ4tskTO2+947Yxgm9cHW6WwCOTHG3p1k2:H3OD3Zr7Ugm9cgom

Malware Config

Extracted

Family

cryptbot

Targets

    • Target

      40537aa62a4949ad137a04bcfaaf15e94634aeffb7c84ea34dc403f8f99c7579_Sigmanly

    • CryptBot

      CryptBot is a C++ information stealer that is widely distributed bundled with other software.

    • Cryptbot family

    • Enumerates VirtualBox registry keys

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read from the registry in order to detect sandbox environments.

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, and it can be used as a sandbox environment.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks